If you are using Skype, you might want to be aware of a newly discovered exploit that could be used by other Skype users to discover your remote and local IP addresses. A post on the skype-open-source blog site (via News.com) reveals the details of this exploit.
The process is unfortunately pretty simple. First, a person can download a hacked version of SkypeKit and then change a few registry keys. Then all that person has to do is try to add a new Skype contact name in the program. The IP addressees are revealed when you click on a Skype user's information card. You don't even have to send a contact confirmation notice to that user, which means he or she will be unaware that you are viewing their IP addresses.
This method could be used to find out a Skype user's country and city, along which ISP he or she is using. It could also be used by hackers to go after a particular PC. However, it only seems to work if a Skype user is online at the time. We have contacted Skype for comment on this exploit and if they have plans to fix it.
Update - Microsoft sent over a statement from Adrian Asher, director of product security for Skype.
We are investigating reports of a new tool that captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies. We are committed to the safety and security of our customers and we are takings measures to help protect them.
9 Comments - Add comment